Cloud Computing - ansprotech.com CC.pdf · 17ANSP-CC-008 Circuit Ciphertext -Policy Attribute Based...
ANSPRO TECHNOLOGIES
#7, 1st Floor, 100 ft Ring Road B.T.M 2nd Stage, Near Jayadeva Hospital, Bangaluru-7
Ph:080-64350727 Mob:8095286693 / 9886832434/ 7204005296
Email: [email protected]
www.ansprotech.com
IEEE 2016-17 PROJECT LIST(JAVA)
Cloud Computing
17ANSP-CC-001 A Secure and Dynamic Multi-Keyword Ranked Search
Scheme over Encrypted Cloud Data
Due to the increasing popularity of cloud computing, more
and more data owners are motivated to outsource their data to
cloud servers for great convenience and reduced cost in data
management. However, sensitive data should be encrypted
before outsourcing for privacy requirements, which obsoletes
data utilization like keyword-based document retrieval. In this
paper, we present a secure multi-keyword ranked search
scheme over encrypted cloud data, which simultaneously
supports dynamic update operations like deletion and
insertion of documents. Specifically, the vector space model
and the widely-used TF × IDF model are combined in the
index construction and query generation. We construct a
special tree-based index structure and propose a “Greedy
Depth-first Search” algorithm to provide efficient multi-
keyword ranked search. The secure kNN algorithm is utilized
to encrypt the index and query vectors, and meanwhile ensure
accurate relevance score calculation between encrypted index
and query vectors. In order to resist statistical attacks,
phantom terms are added to the index vector for blinding
search results. Due to the use of our special tree-based index
structure, the proposed scheme can achieve sub-linear search
time and deal with the deletion and insertion of documents
flexibly.
Extensive experiments are conducted to demonstrate the
efficiency of the proposed scheme.
17ANSP-CC-002 Privacy-Preserving Patient-Centric Clinical Decision Support
System on Naïve Bayesian Classification
Clinical decision support system, which uses advanced data
mining techniques to help clinician make proper decisions,
has received considerable attention recently. The advantages
of clinical decision support system include not only
improving diagnosis accuracy but also reducing diagnosis
time. Specifically, with large amounts of clinical data
generated everyday, naïve Bayesian classification can be
utilized to excavate valuable information to improve a clinical
decision support system. Although the clinical decision
support system is quite promising, the flourish of the system
still faces many challenges including information security and
privacy concerns. In this paper, we propose a new privacy-
preserving patient-centric clinical decision support system,
which helps clinician complementary to diagnose the risk of
patients’ disease in a privacy-preserving way. In the proposed
system, the past patients’ historical data are stored in cloud
and can be used to train the naïve Bayesian classifier without
leaking any individual patient medical data, and then the
trained classifier can be applied to compute the disease risk
for new coming patients and also allow these patients to
retrieve the top-k disease names according to their own
preferences. Specifically, to protect the privacy of past
patients’ historical data, a new cryptographic tool called
additive homomorphic proxy aggregation scheme is
designed. Moreover, to leverage the leakage of naïve
Bayesian classifier, we introduce a privacy-preserving top-k
disease names retrieval protocol in our system. Detailed
privacy analysis ensures that patient’s information is private
and will not be leaked out during the disease diagnosis phase.
In addition, performance evaluation via extensive simulations
also demonstrates that our system can efficiently calculate
patient’s disease risk with high accuracy in a privacy-
preserving way.
17ANSP-CC-003 Heuristic Virtual Machine Allocation for Multi-Tier Ambient
Assisted Living Applications in a Cloud Data Center
Cloud computing provides the essential infrastructure for
multi-tier Ambient Assisted Living (AAL) applications that
facilitate people’s lives. Resource provisioning is a critically
important problem for AAL applications in cloud data centers
(CDCs). This paper focuses on modeling and analysis of
multi-tier AAL applications, and aims to optimize resource
provisioning while meeting requests’ response time
constraint. This paper models a multi-tier AAL application as
a hybrid multi-tier queueing model consisting of an M/M/c
queueing model and multiple M/M/1 queueing models. Then,
virtual machine (VM) allocation is formulated as a
constrained optimization problem in a CDC, and is further
solved with the proposed heuristic VM allocation algorithm
(HVMA). The results demonstrate that the proposed model
and algorithm can effectively achieve dynamic resource
provisioning while meeting the performance constraint.
17ANSP-CC-004 Encrypted Data Management with Deduplication in Cloud
Computing
This article proposes a scheme based on attribute based
encryption (ABE) to deduplicate encrypted data stored in the
cloud while at the same time supporting secure data access
control. Cloud computing offers a new way to deliver services
by rearranging resources over the Internet and providing them
to users on demand. It plays an important role in supporting
data storage, processing, and management in the Internet of
Things (IoT). Various cloud service providers (CSPs) offer
huge volumes of storage to maintain and manage IoT data,
which can include videos, photos, and personal health
records.
17ANSP-CC-005 Resource Allocation in Cloud Computing Using the
Uncertainty Principle of Game Theory
Virtualization of resources on the cloud offers a scalable
means of consuming services beyond the capabilities of small
systems. In a cloud that offers infrastructure such as
processor, memory, hard disk, etc., a coalition of virtual
machines formed by grouping two or more may be needed.
Economical management of cloud resources needs allocation
strategies with minimum wastage, while configuring services
ahead of actual requests. We propose a resource allocation
mechanism for machines on the cloud, based on the principles
of coalition formation and the uncertainty principle of game
theory. We compare the results of applying this mechanism
with existing resource allocation methods that have been
deployed on the cloud. We also show that this method of
resource allocation by coalition-formation of the machines on
the cloud leads not only to better resource utilization but also
higher request satisfaction.
17ANSP-CC-006 A Semi-Automatic Approach of Transforming Applications
to be Multi-Tenancy Enabled
As a popular technique in cloud computing, multi-tenancy
(MT) can significantly ease software maintenance, and
improve resource utilization. To make use of the MT
technique, an application may need to be transformed to be
MT-enabled. This process involves finding and processing a
special kind of data entities named global isolation points
(GIPs). Practically, finding all GIPs of an application is
challenging. Traditional method involves manually browsing
the application code, requiring a great deal of human effort.
To solve this problem, we introduce a toolkit named Auto-
MT to help find and process GIPs of an application. Auto-MT
is able to find new GIPs based on their relations to known
GIPs. To characterize the relation, a novel graph called value
flow graph (VFG) is introduced, which models the value
flows of data entities. It can also be used in other scenarios,
like taint analysis. We have implemented Auto-MT as an
Eclipse Plug-in, and applied it to transform Roller, a widely
used Java application. Experimental results show that Auto-
MT saves substantial human effort, and accelerates the
process of transforming applications to be MT-enabled.
17ANSP-CC-007 A Secure Anti-Collusion Data Sharing Scheme for Dynamic
Groups in the Cloud
Benefited from cloud computing, users can achieve an
effective and economical approach for data sharing among
group members in the cloud with the characters of low
maintenance and little management cost. Meanwhile, we must
provide security guarantees for the sharing data files since
they are outsourced. Unfortunately, because of the frequent
change of the membership, sharing data while providing
privacy-preserving is still a challenging issue, especially for
an untrusted cloud due to the collusion attack.
Moreover, for existing schemes, the security of key
distribution is based on the secure communication channel,
however, to have such channel is a strong assumption and is
difficult for practice. In this paper, we propose a secure data
sharing scheme for dynamic members. First, we propose a
secure way for key distribution without any secure
communication channels, and the users can securely obtain
their private keys from group manager. Second, our scheme
can achieve fine-grained access control, any user in the group
can use the source in the cloud and revoked users cannot
access the cloud again after they are revoked. Third, we can
protect the scheme from collusion attack, which means that
revoked users cannot get the original data file even if they
conspire with the untrusted cloud. In our approach, by
leveraging polynomial function, we can achieve a secure user
revocation scheme. Finally, our scheme can achieve fine
efficiency, which means previous users need not to update
their private keys for the situation either a new user joins in
the group or a user is revoked from the group.
17ANSP-CC-008 Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption
with Verifiable Delegation in Cloud Computing
In the cloud, for achieving access control and keeping data
confidential, the data owners could adopt attribute-based
encryption to encrypt the stored data. Users with limited
computing power are however more likely to delegate the
mask of the decryption task to the cloud servers to reduce the
computing cost. As a result, attribute-based encryption with
delegation emerges. Still, there are caveats and questions
remaining in the previous relevant works. For instance, during
the delegation, the cloud servers could tamper or replace the
delegated ciphertext and respond a forged computing result
with malicious intent. They may also cheat the eligible users
by responding them that they are ineligible for the purpose of
cost saving. Furthermore, during the encryption, the access
policies may not be flexible enough as well. Since policy for
general circuits enables to achieve the strongest form of
access control, a construction for realizing circuit ciphertext-
policy attribute-based hybrid encryption with verifiable
delegation has been considered in our work. In such a system,
combined with verifiable computation and encrypt-then-mac
mechanism, the data confidentiality, the fine-grained access
control and the correctness of the delegated computing results
are well guaranteed at the same time. Besides, our scheme
achieves security against chosen-plaintext attacks under the
k-multilinear Decisional Diffie-Hellman assumption.
Moreover, an extensive simulation campaign confirms the
feasibility and efficiency of the proposed solution.
17ANSP-CC-009 An Efficient Algorithm for the Bursting of Service-Based
Applications in Hybrid Clouds
Enterprises are more and more using hybrid cloud
environments to deploy and run applications. This consists in
providing and managing software and hardware resources
within the enterprise and getting additional resources
provided externally by public clouds whenever this is needed.
In this latter case, deployment of new applications consists in
choosing a placement of some components in the private
cloud and some others in the public cloud. To tackle this NP-
hard problem, we have proposed in a previous work an
approximate approach based on communication and hosting
costs induced by the deployment of components in the public
cloud. In this paper, we go further and propose a new efficient
algorithm adapted for service-based applications modelled
that can be not only described as behavior-based but also as
architecture-based compositions of services.
17ANSP-CC-010 Enabling Fine-Grained Multi-Keyword Search Supporting
Classified Sub-Dictionaries over Encrypted Cloud Data
Using cloud computing, individuals can store their data on
remote servers and allow data access to public users through
the cloud servers. As the outsourced data are likely to contain
sensitive privacy information, they are typically encrypted
before uploaded to the cloud. This, however, significantly
limits the usability of outsourced data due to the difficulty of
searching over the encrypted data. In this paper, we address
this issue by developing the fine-grained multi-keyword
search schemes over encrypted cloud data. Our original
contributions are three-fold. First, we introduce the relevance
scores and preference factors upon keywords which enable
the precise keyword search and personalized user experience.
Second, we develop a practical and very efficient multi-
keyword search scheme. The proposed scheme can support
complicated logic search the mixed “AND”, “OR” and “NO”
operations of keywords. Third, we further employ the
classified sub-dictionaries technique to achieve better
efficiency on index building, trapdoor generating and query.
Lastly, we analyze the security of the proposed schemes in
terms of confidentiality of documents, privacy protection of
index and trapdoor, and unlinkability of trapdoor. Through
extensive experiments using the real-world dataset, we
validate the performance of the proposed schemes. Both the
security analysis and experimental results demonstrate that
the proposed schemes can achieve the same security level
comparing to the existing ones and better performance in
terms of functionality, query complexity and efficiency.
17ANSP-CC-011 CloudArmor: Supporting Reputation-Based Trust
Management for Cloud Services
Trust management is one of the most challenging issues for
the adoption and growth of cloud computing. The highly
dynamic, distributed, and non-transparent nature of cloud
services introduces several challenging issues such as
privacy, security, and availability. Preserving consumers’
privacy is not an easy task due to the sensitive information
involved in the interactions between consumers and the trust
management service. Protecting cloud services against their
malicious users (e.g., such users might give misleading
feedback to disadvantage a particular cloud service) is a
difficult problem. Guaranteeing the availability of the trust
management service is another significant challenge because
of the dynamic nature of cloud environments. In this article,
we describe the design and implementation of CloudArmor, a
reputation-based trust management framework that provides
a set of functionalities to deliver trust as a service (TaaS),
which includes i) a novel protocol to prove the credibility of
trust feedbacks and preserve users’ privacy, ii) an adaptive
and robust credibility model for measuring the credibility of
trust feedbacks to protect cloud services from malicious users
and to compare the trustworthiness of cloud services, and iii)
an availability model to manage the availability of the
decentralized implementation of the trust management
service. The feasibility and benefits of our approach have
been validated by a prototype and experimental studies using
a collection of real-world trust feedbacks on cloud services.
17ANSP-CC-012 Dispersing Instant Social Video Service Across Multiple
Clouds
Instant social video sharing which combines the online social
network and user-generated short video streaming services,
has become popular in today’s Internet. Cloud-based hosting
of such instant social video contents has become a norm to
serve the increasing users with user-generated contents. A
fundamental problem of cloud-based social video sharing
service is that users are located globally, who cannot be
served with good service quality with a single cloud provider.
In this paper, we investigate the feasibility of dispersing
instant social video contents to multiple cloud providers. The
challenge is that inter-cloud social propagation is
indispensable with such multi-cloud social video hosting, yet
such inter-cloud traffic incurs substantial operational cost. We
analyze and formulate the multi-cloud hosting of an instant
social video system as an optimization problem. We conduct
large-scale measurement studies to show the characteristics of
instant social video deployment, and demonstrate the trade-
off between satisfying users with their ideal cloud providers,
and reducing the inter-cloud data propagation. Our
measurement insights of the social propagation allow us to
propose a heuristic algorithm with acceptable complexity to
solve the optimization problem, by partitioning a
propagation-weighted social graph in two phases: a
preference-aware initial cloud provider selection and a
propagation-aware re-hosting. Our simulation experiments
driven by real-world social network traces show the
superiority of our design.
17ANSP-CC-013 Coral: A Cloud-Backed Frugal File System
With simple access interfaces and flexible billing models,
cloud storage has become an attractive solution to simplify
the storage management for both enterprises and individual
users. However, traditional file systems with extensive
optimizations for local disk-based storage backend can not
fully exploit the inherent features of the cloud to obtain
desirable performance. In this paper, we present the design,
implementation, and evaluation of Coral, a cloud based file
system that strikes a balance between performance and
monetary cost. Unlike previous studies that treat cloud storage
as just a normal backend of existing networked file systems,
Coral is designed to address several key issues in optimizing
cloud-based file systems such as the data layout, block
management, and billing model. With carefully designed data
structures and algorithms, such as identifying semantically
correlated data blocks, kd-tree based caching policy with self-
adaptive thrashing prevention, effective data layout, and
optimal garbage collection, Coral achieves good performance
and cost savings under various workloads as demonstrated by
extensive evaluations.
17ANSP-CC-014 An Efficient Privacy-Preserving Ranked Keyword Search
Method
Cloud data owners prefer to outsource documents in an
encrypted form for the purpose of privacy preserving.
Therefore it is essential to develop efficient and reliable
ciphertext search techniques. One challenge is that the
relationship between documents will be normally concealed
in the process of encryption, which will lead to significant
search accuracy performance degradation. Also the volume of
data in data centers has experienced a dramatic growth. This
will make it even more challenging to design ciphertext
search schemes that can provide efficient and reliable online
information retrieval on large volume of encrypted data. In
this paper, a hierarchical clustering method is proposed to
support more search semantics and also to meet the demand
for fast ciphertext search within a big data environment. The
proposed hierarchical approach clusters the documents based
on the minimum relevance threshold, and then partitions the
resulting clusters into sub-clusters until the constraint on the
maximum size of cluster is reached. In the search phase, this
approach can reach a linear computational complexity against
an exponential size increase of document collection. In order
to verify the authenticity of search results, a structure called
minimum hash sub-tree is designed in this paper. Experiments
have been conducted using the collection set built from the
IEEE Xplore. The results show that with a sharp increase of
documents in the dataset the search time of the proposed
method increases linearly whereas the search time of the
traditional method increases exponentially. Furthermore, the
proposed method has an advantage over the traditional
method in the rank privacy and relevance of retrieved
documents.
17ANSP-CC-015 Performance-Aware Cloud Resource Allocation via Fitness-
Enabled Auction
Cloud computing is a new computing paradigm which
features renting the computation devices instead of buying
them. In a typical cloud computing environment, there will
always be different kinds of cloud resources and a number of
cloud services making use of cloud resources to run on. As
we can see, these cloud services usually have different
performance traits. Some may be I/O-intensive, like those
data querying services, while others might demand more CPU
cycles, like 3D image processing services. Meanwhile, cloud
resources also have different kinds of capabilities such as data
processing, I/O throughput, 3D image rendering, etc. A
simple fact is that allocating a suitable resource will greatly
improve the performance of the cloud service, and make the
cloud resource itself more efficient as well. In this paper, a
new cloud resource allocating algorithm via fitness-enabled
auction is proposed to guarantee the fitness of performance
traits between cloud resources (sellers) and cloud services
(buyers). We study the allocating algorithm in terms of
economic efficiency and system performance, and
experiments show that the allocation is far more efficient in
comparison with the continuous double auction in which the
idea of fitness is not introduced.
17ANSP-CC-016 CaCo: An Efficient Cauchy Coding Approach for Cloud
Storage Systems
Users of cloud storage usually assign different redundancy
configurations (i.e., k, m, w) of erasure codes, depending on
the desired balance between performance and fault tolerance.
Our study finds that with very low probability, one coding
scheme chosen by rules of thumb, for a given redundancy
configuration, performs best. In this paper, we propose CaCo,
an efficient Cauchy coding approach for data storage in the
cloud. First, CaCo uses Cauchy matrix heuristics to produce
a matrix set. Second, for each matrix in this set, CaCo uses
XOR schedule heuristics to generate a series of schedules.
Finally, CaCo selects the shortest one from all the produced
schedules. In such a way, CaCo has the ability to identify an
optimal coding scheme, within the capability of the current
state of the art, for an arbitrary given redundancy
configuration. By leverage of CaCo’s nature of ease to
parallelize, we boost significantly the performance of the
selection process with abundant computational resources in
the cloud. We implement CaCo in the Hadoop distributed file
system and evaluate its performance by comparing with
“Hadoop-EC” developed by Microsoft research. Our
experimental results indicate that CaCo can obtain an optimal
coding scheme within acceptable time. Furthermore, CaCo
outperforms Hadoop-EC by 26.68-40.18 percent in the
encoding time and by 38.4-52.83 percent in the decoding time
simultaneously.
17ANSP-CC-017 Incentive Mechanisms for Crowdsensing: Crowdsourcing
With Smartphones
Smartphones are programmable and equipped with a set of
cheap but powerful embedded sensors, such as accelerometer,
digital compass, gyroscope, GPS, microphone, and camera.
These sensors can collectively monitor a diverse range of
human activities and the surrounding environment.
Crowdsensing is a new paradigm which takes advantage of
the pervasive smartphones to sense, collect, and analyze data
beyond the scale of what was previously possible. With the
crowdsensing system, a crowdsourcer can recruit smartphone
users to provide sensing service. Existing crowdsensing
applications and systems lack good incentive mechanisms
that can attract more user participation. To address this issue,
we design incentive mechanisms for crowdsensing. We
consider two system models: the crowdsourcer-centric model
where the crowdsourcer provides a reward shared by
participating users, and the user-centric model where users
have more control over the payment they will receive. For the
crowdsourcer-centric model, we design an incentive
mechanism using a Stackelberg game, where the
crowdsourcer is the leader while the users are the followers.
We show how to compute the unique Stackelberg
Equilibrium, at which the utility of the crowdsourcer is
maximized, and none of the users can improve its utility by
unilaterally deviating from its current strategy. For the user-
centric model, we design an auction-based incentive
mechanism, which is computationally efficient, individually
rational, profitable, and truthful. Through extensive
simulations, we evaluate the performance and validate the
theoretical properties of our incentive mechanisms.
17ANSP-CC-018 Enabling Mobile Cloud Wide Spread Through an
Evolutionary Market-Based Approach
Mobile clouds are an ongoing research topic that has yet to
become ubiquitous as the now popular cloud paradigm. This
is because of a number of issues with mobile clouds that still
need to be addressed such as: incentives, security, privacy,
context, data management, usability, and cost benefits. Out of
these issues, the most important one that needs to be
addressed is the issue of incentives, without which mobile
clouds cannot gain enough users for the concept to be useful.
Unlike public, company-owned cloud systems, in mobile
clouds, the amount of resources or processing power is
directly dependent on mobile cloud users that are in the
proximity of the individual that requires extra resources. With
an increase in the number of mobile cloud users willing to
share resources or willing to use the service offered by others,
comes an increase in the likeliness that enough mobile-cloud-
enabled devices will be available. In this paper, we study
incentives for mobile cloud systems and consider as a solution
an evolutionary market-based approach to create these
incentives. Creating a market for these systems is particularly
difficult because of the large number of individuals that need
to be involved and their high mobility.
17ANSP-CC-019 Trust-but-Verify: Verifying Result Correctness of
Outsourced Frequent Itemset Mining in Data-Mining-As-a-
Service Paradigm
Cloud computing is popularizing the computing paradigm in
which data is outsourced to a third-party service provider
(server) for data mining. Outsourcing, however, raises a
serious security issue: how can the client of weak
computational power verify that the server returned correct
mining result? In this paper, we focus on the specific task of
frequent itemset mining. We consider the server that is
potentially untrusted and tries to escape from verification by
using its prior knowledge of the outsourced data. We propose
efficient probabilistic and deterministic verification
approaches to check whether the server has returned correct
and complete frequent itemsets. Our probabilistic approach
can catch incorrect results with high probability, while our
deterministic approach measures the result correctness with
100 percent certainty. We also design efficient verification
methods for both cases that the data and the mining setup are
updated. We demonstrate the effectiveness and efficiency of
our methods using an extensive set of empirical results on real
datasets.
17ANSP-CC-020 Privacy Preserving Ranked Multi-Keyword Search for
Multiple Data Owners in Cloud Computing
With the advent of cloud computing, it has become
increasingly popular for data owners to outsource their data
to public cloud servers while allowing data users to retrieve
this data. For privacy concerns, secure searches over
encrypted cloud data has motivated several research works
under the single owner model. However, most cloud servers
in practice do not just serve one owner; instead, they support
multiple owners to share the benefits brought by cloud
computing. In this paper, we propose schemes to deal with
privacy preserving ranked multi-keyword search in a multi-
owner model (PRMSM). To enable cloud servers to perform
secure search without knowing the actual data of both
keywords and trapdoors, we systematically construct a novel
secure search protocol. To rank the search results and
preserve the privacy of relevance scores between keywords
and files, we propose a novel additive order and privacy
preserving function family. To prevent the attackers from
eavesdropping secret keys and pretending to be legal data
users submitting searches, we propose a novel dynamic secret
key generation protocol and a new data user authentication
protocol. Furthermore, PRMSM supports efficient data user
revocation. Extensive experiments on real-world datasets
confirm the efficacy and efficiency of PRMSM.
17ANSP-CC-021 TMACS: A Robust and Verifiable Threshold Multi-Authority
Access Control System in Public Cloud Storage
Attribute-based Encryption (ABE) is regarded as a promising
cryptographic conducting tool to guarantee data owners’
direct control over their data in public cloud storage. The
earlier ABE schemes involve only one authority to maintain
the whole attribute set, which can bring a single-point
bottleneck on both security and performance. Subsequently,
some multi-authority schemes are proposed, in which
multiple authorities separately maintain disjoint attribute
subsets. However, the single-point bottleneck problem
remains unsolved. In this paper, from another perspective, we
conduct a threshold multi-authority CP-ABE access control
scheme for public cloud storage, named TMACS, in which
multiple authorities jointly manage a uniform attribute set. In
TMACS, taking advantage of (t, n) threshold secret sharing,
the master key can be shared among multiple authorities, and
a legal user can generate his/her secret key by interacting with
any t authorities. Security and performance analysis results
show that TMACS is not only verifiably secure when less than
t authorities are compromised, but also robust when no less
than t authorities are alive in the system. Furthermore, by
efficiently combining the traditional multi-authority scheme
with TMACS, we construct a hybrid one, which satisfies the
scenario of attributes coming from different authorities as
well as achieving security and system-level robustness.
17ANSP-CC-022 Skyline Discovery and Composition of Multi-Cloud Mashup
Services
A cloud mashup is composed of multiple services with shared
datasets and integrated functionalities. For example, the
elastic compute cloud (EC2) provided by Amazon Web
Service (AWS), the authentication and authorization services
provided by Facebook, and the Map service provided by
Google can all be mashed up to deliver real-time,
personalized driving route recommendation service. To
discover qualified services and compose them with
guaranteed quality of service (QoS), we propose an integrated
skyline query processing method for building up cloud
mashup applications. We use a similarity test to achieve
optimal localized skyline. This mashup method scales well
with the growing number of cloud sites involved in the
mashup applications. Faster skyline selection, reduced
composition time, dataset sharing, and resources integration
assure the QoS over multiple clouds. We experiment with the
quality of web service (QWS) benchmark over 10,000 web
services along six QoS dimensions. By utilizing block-
elimination, data-space partitioning, and service similarity
pruning, the skyline process is shortened by three times, when
compared with two state-of-the-art methods.
17ANSP-CC-023 Ensuring Cloud Data Reliability with Minimum Replication
by Proactive Replica Checking
Data reliability and storage costs are two primary concerns for
current Cloud storage systems. To ensure data reliability, the
widely used multi-replica (typically three) replication strategy
in current Clouds incurs a huge extra storage consumption,
resulting in a huge storage cost for data-intensive applications
in the Cloud in particular. In order to reduce the Cloud storage
consumption while meeting the data reliability requirement,
in this paper we present a cost-effective data reliability
management mechanism named PRCR based on a
generalized data reliability model. By using a proactive
replica checking approach, while the running overhead for
PRCR is negligible, PRCR ensures reliability of the massive
Cloud data with the minimum replication, which can also
serve as a cost effectiveness benchmark for replication based
approaches. Our simulation indicates that, compared with the
conventional three-replica strategy, PRCR can reduce from
one-third to two-thirds of the Cloud storage space
consumption, hence significantly lowering the storage cost in
a Cloud.
17ANSP-CC-024 Secure Cloud Storage Meets with Secure Network Coding
This paper reveals an intrinsic relationship between secure
cloud storage and secure network coding for the first time.
Secure cloud storage was proposed only recently while secure
network coding has been studied for more than ten years.
Although the two areas are quite different in their nature and
are studied independently, we show how to construct a secure
cloud storage protocol given any secure network coding
protocol. This gives rise to a systematic way to construct
secure cloud storage protocols. Our construction is secure
under a definition which captures the real world usage of the
cloud storage. Furthermore, we propose two specific secure
cloud storage protocols based on two recent secure network
coding protocols. In particular, we obtain the first publicly
verifiable secure cloud storage protocol in the standard model.
We also enhance the proposed generic construction to support
user anonymity and third-party public auditing, which both
have received considerable attention recently. Finally, we
prototype the newly proposed protocol and evaluate its
performance. Experimental results validate the effectiveness
of the protocol.
17ANSP-CC-025 Leveraging Data Deduplication to Improve the Performance
of Primary Storage Systems in the Cloud
With the explosive growth in data volume, the I/O bottleneck
has become an increasingly daunting challenge for big data
analytics in the Cloud. Recent studies have shown that
moderate to high data redundancy clearly exists in primary
storage systems in the Cloud. Our experimental studies reveal
that data redundancy exhibits a much higher level of intensity
on the I/O path than that on disks due to relatively high
temporal access locality associated with small I/O requests to
redundant data. Moreover, directly applying data
deduplication to primary storage systems in the Cloud will
likely cause space contention in memory and data
fragmentation on disks. Based on these observations, we
propose a performance-oriented I/O deduplication, called
POD, rather than a capacity-oriented I/O deduplication,
exemplified by iDedup, to improve the I/O performance of
primary storage systems in the Cloud without sacrificing
capacity savings of the latter. POD takes a two-pronged
approach to improving the performance of primary storage
systems and minimizing performance overhead of
deduplication, namely, a request-based selective
deduplication technique, called Select-Dedupe, to alleviate
the data fragmentation and an adaptive memory management
scheme, called iCache, to ease the memory contention
between the bursty read traffic and the bursty write traffic. We
have implemented a prototype of POD as a module in the
Linux operating system. The experiments conducted on our
lightweight prototype implementation of POD show that POD
significantly outperforms iDedup in the I/O performance
measure by up to 87.9 percent with an average of 58.8 percent.
Moreover, our evaluation results also show that POD achieves
comparable or better capacity savings than iDedup.
17ANSP-CC-026 Systematic Data Placement Optimization in Multi-Cloud
Storage for Complex Requirements
Multi-cloud storage can provide better features such as
availability and scalability. Current works use multiple cloud
storage providers with erasure coding to achieve certain
benefits including fault-tolerance improving or vendor lock-
in avoiding. However, these works only use the multi-cloud
storage in ad-hoc ways, and none of them considers the
optimization issue in general. In fact, the key to optimize the
multi-cloud storage is to effectively choose providers and
erasure coding parameters. Meanwhile, the data placement
should satisfy system or application developers’
requirements. As developers often demand various objectives
to be optimized simultaneously, such complex requirement
optimization cannot be easily fulfilled by ad-hoc ways. This
paper presents Triones, a systematic model to formally
formulate data placement in multi-cloud storage by using
erasure coding. Firstly, Triones addresses the problem of data
placement optimization by applying non-linear programming
and geometric space abstraction. It could satisfy complex
requirements involving multi-objective optimization.
Secondly, Triones can effectively balance among different
objectives in optimization and is scalable to incorporate new
ones. The effectiveness of the model is proved by extensive
experiments on multiple cloud storage providers in the real
world. For simple requirements, Triones can achieve 50
percent access latency reduction, compared with the model in
mLibCloud. For complex requirements, Triones can improve
fault-tolerance level by 2× and reduce access latency and
vendor lock-in level by 30~70 percent and 49.85 percent
respectively with about 19.19 percent more cost, compared
with the model only optimizing cost in Scalia.
17ANSP-CC-027 EPLQ: Efficient Privacy-Preserving Location-Based Query
Over Outsourced Encrypted Data
With the pervasiveness of smart phones, location based
services (LBS) have received considerable attention and
become more popular and vital recently. However, the use of
LBS also poses a potential threat to user’s location privacy. In
this paper, aiming at spatial range query, a popular LBS
providing information about points of interest (POIs) within a
given distance, we present an efficient and privacy-preserving
location-based query solution, called EPLQ. Specifically, to
achieve privacy preserving spatial range query, we propose
the first predicate-only encryption scheme for inner product
range (IPRE), which can be used to detect whether a position
is within a given circular area in a privacy-preserving way. To
reduce query latency, we further design a privacy-preserving
tree index structure in EPLQ. Detailed security analysis
confirms the security properties of EPLQ. In addition,
extensive experiments are conducted, and the results
demonstrate that EPLQ is very efficient in privacy preserving
spatial range query over outsourced encrypted data. In
particular, for a mobile LBS user using an Android phone,
around 0.9 s is needed to generate a query, and it also only
requires a commodity workstation, which plays the role of the
cloud in our experiments, a few seconds to search POIs.
17ANSP-CC-028 Cloud Customer’s Historical Record Based Resource Pricing
Media content in its digital form has been rapidly scaling up,
resulting in popularity gain of cloud computing. Cloud
computing makes it easy to manage the vastly increasing
digital content. Moreover, additional features like,
omnipresent access, further service creation, discovery of
services, and resource management also play an important
role in this regard. The forthcoming era is interoperability of
multiple clouds, known as cloud federation or inter-cloud
computing. With cloud federation, services would be
provided through two or more clouds. Once matured and
standardized, inter-cloud computing is supposed to provide
services which would be more scalable, better managed, and
efficient. Such tasks are provided through a middleware entity
called cloud broker. A broker is responsible for reserving
resources, managing them, discovering services according to
customer’s demands, Service Level Agreement (SLA)
negotiation, and match-making between the involved service
provider and the customer. So far existing studies discuss
brokerage in a narrow focused way. In the research outcome
presented in this paper, we provide a holistic brokerage model
to manage on-demand and advance service reservation,
pricing, and reimbursement. A unique feature of this study is
that we have considered dynamic management of customer’s
characteristics and historical record in evaluating the
economics related factors. Additionally, a mechanism of
incentive and penalties is provided, which helps in trust build-
up for the customers and service providers, prevention of
resource underutilization, and profit gain for the involved
entities. For practical implications, the framework is modeled
on Amazon Elastic Compute Cloud (EC2) On-Demand and
Reserved Instances service pricing. For certain features
required in the model, data was gathered from Google Cluster
trace.
17ANSP-CC-029 Achieving Simple, Secure and Efficient Hierarchical Access
Control in Cloud Computing
Access control is an indispensable security component of
cloud computing, and hierarchical access control is of
particular interest since in practice one is entitled to different
access privileges. This paper presents a hierarchical key
assignment scheme based on linear-geometry as the solution
of flexible and fine-grained hierarchical access control in
cloud computing. In our scheme, the encryption key of each
class in the hierarchy is associated with a private vector and a
public vector, and the inner product of the private vector of an
ancestor class and the public vector of its descendant class can
be used to derive the encryption key of that descendant class.
The proposed scheme belongs to direct access schemes on
hierarchical access control, namely each class at a higher level
in the hierarchy can directly derive the encryption key of its
descendant class without the need of iterative computation. In
addition to this basic hierarchical key derivation, we also give
a dynamic key management mechanism to efficiently address
potential changes in the hierarchy. Our scheme only needs
light computations over finite field and provides strong key
indistinguishability under the assumption of pseudorandom
functions. Furthermore, the simulation shows that our scheme
has an optimized trade-off between computation consumption
and storage space.
17ANSP-CC-030 Towards Building Forensics Enabled Cloud Through Secure
Logging-as-a-Service
Collection and analysis of various logs (e.g., process logs,
network logs) are fundamental activities in computer
forensics. Ensuring the security of the activity logs is
therefore crucial to ensure reliable forensics investigations.
However, because of the black-box nature of clouds and the
volatility and co-mingling of cloud data, providing the cloud
logs to investigators while preserving users’ privacy and the
integrity of logs is challenging. The current secure logging
schemes, which consider the logger as trusted cannot be
applied in clouds since there is a chance that cloud providers
(logger) collude with malicious users or investigators to alter
the logs. In this paper, we analyze the threats on cloud users’
activity logs considering the collusion between cloud users,
providers, and investigators. Based on the threat model, we
propose Secure-Logging-as-a-Service (SecLaaS), which
preserves various logs generated for the activity of virtual
machines running in clouds and ensures the confidentiality
and integrity of such logs. Investigators or the court authority
can only access these logs by the RESTful APIs provided by
SecLaaS, which ensures confidentiality of logs. The integrity
of the logs is ensured by hash-chain scheme and proofs of past
logs published periodically by the cloud providers. In prior
research, we used two accumulator schemes Bloom filter and
RSA accumulator to build the proofs of past logs. In this
paper, we propose a new accumulator scheme—Bloom-Tree,
which performs better than the other two accumulators in
terms of time and space requirement.
17ANSP-CC-031 Fine-Grained Two-Factor Access Control for Web-Based
Cloud Computing Services
In this paper, we introduce a new fine-grained two-factor
authentication (2FA) access control system for web-based
cloud computing services. Specifically, in our proposed 2FA
access control system, an attribute-based access control
mechanism is implemented with the necessity of both a user
secret key and a lightweight security device. As a user cannot
access the system if they do not hold both, the mechanism can
enhance the security of the system, especially in those
scenarios where many users share the same computer for web-
based cloud services. In addition, attribute-based control in
the system also enables the cloud server to restrict the access
to those users with the same set of attributes while preserving
user privacy, i.e., the cloud server only knows that the user
fulfills the required predicate, but has no idea on the exact
identity of the user. Finally, we also carry out a simulation to
demonstrate the practicability of our proposed 2FA system.
17ANSP-CC-032 Conjunctive Keyword Search With Designated Tester and
Timing Enabled Proxy Re-Encryption Function for E-Health
Clouds
An electronic health (e-health) record system is a novel
application that will bring great convenience in healthcare.
The privacy and security of the sensitive personal information
are the major concerns of the users, which could hinder
further development and wide adoption of the systems. The
searchable encryption (SE) scheme is a technology to
incorporate security protection and favorable operability
functions together, which can play an important role in the e-
health record system. In this paper, we introduce a novel
cryptographic primitive named as conjunctive keyword
search with designated tester and timing enabled proxy
re-encryption function (Re-dtPECK), which is a kind of a
time-dependent SE scheme. It could enable patients to
delegate partial access rights to others to operate search
functions over their records in a limited time period. The
length of the time period for the delegatee to search and
decrypt the delegator’s encrypted documents can be
controlled. Moreover, the delegatee could be automatically
deprived of the access and search authority after a specified
period of effective time. It can also support the conjunctive
keywords search and resist the keyword guessing attacks. By
the solution, only the designated tester is able to test the
existence of certain keywords. We formulate a system model
and a security model for the proposed Re-dtPECK scheme to
show that it is an efficient scheme proved secure in the
standard model. The comparison and extensive simulations
demonstrate that it has a low computation and storage
overhead.
17ANSP-CC-033 A Multi-Level Authorization Based Tenant Separation
Mechanism in Cloud Computing Environment
Separation issue is one of the most important problems about
cloud computing security. Tenants should be separated from
each other based on cloud infrastructure and different users
from one tenant should be separated from each other with the
constraint of security policies. Learning from the notion of
trusted cloud computing and trustworthiness in cloud, in this
paper, a multi-level authorization separation model is
formally described, and a series of rules are proposed to
summarize the separation property of this model. The correctness
of the rules is proved. Furthermore, based on this model,
a tenant separation mechanism is deployed in a real world
mixed-critical information system. Performance
benchmarks have shown the availability and efficiency of this
mechanism.
17ANSP-CC-034 SafeProtect: Controlled Data Sharing With User-Defined
Policies in Cloud-Based Collaborative Environment
There are many cloud-based applications consumed by users,
which encourage data sharing with not only peers, but also
new friends and collaborators. Data are increasingly being
stored outside the confines of the data owner’s machine with
little knowledge to the data owner, how and where the data
are being stored and used. Hence, there is a strong need for
the data owner to have a stronger control over their data,
similar to the level of control they possess when the data are
stored on their own machine. For instance, when a data owner
shares a secret file with a friend, he cannot guarantee what his
friend will do with the data. In this paper, we attempt to
address this problem by monitoring and preventing
unauthorized operations by the data consumer. We present a
solution called SafeProtect, which bundles the data owner’s
data and policy, based on XACML, in an object. SafeProtect
enforces the policies set out by the data owner by
communicating with the SaaS applications to disable certain
commands and/or run a background process monitor for
auditability/accountability purposes. We define a protocol
that will enable secure data sharing in the cloud and leverage
the use of the trusted extension device for authentication
purposes.
17ANSP-CC-035 Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption
with Verifiable Delegation in Cloud Computing
In the cloud, for achieving access control and keeping data
confidential, the data owners could adopt attribute-based
encryption to encrypt the stored data. Users with limited
computing power are however more likely to delegate the
mask of the decryption task to the cloud servers to reduce the
computing cost. As a result, attribute-based encryption with
delegation emerges. Still, there are caveats and questions
remaining in the previous relevant works. For instance, during
the delegation, the cloud servers could tamper or replace the
delegated ciphertext and respond a forged computing result
with malicious intent. They may also cheat the eligible users
by responding them that they are ineligible for the purpose of
cost saving. Furthermore, during the encryption, the access
policies may not be flexible enough as well. Since policy for
general circuits enables to achieve the strongest form of
access control, a construction for realizing circuit ciphertext-
policy attribute-based hybrid encryption with verifiable
delegation has been considered in our work. In such a system,
combined with verifiable computation and encrypt-then-mac
mechanism, the data confidentiality, the fine-grained access
control and the correctness of the delegated computing results
are well guaranteed at the same time. Besides, our scheme
achieves security against chosen-plaintext attacks under the
k-multilinear Decisional Diffie-Hellman assumption.
Moreover, an extensive simulation campaign confirms the
feasibility and efficiency of the proposed solution.